In a secure tactical network there are a number of access networks interconnected by an encrypted backbone. Information exchange is not allowed across the access and backbone boundary. In order to manage the quality of service, controlling access to the backbone, which is often limited in bandwidth resource, is needed.
Military wireless networks carrying heterogeneous traffic with multiple levels of survivability present a challenging admission control problem. These unique challenges include: encryption boundaries that prevent communicating the state information known on the WAN (backbone) side to the LAN where admission control is implemented; and the capacity of wireless links that can change with time (fading or mobility) that cause the available network resources between a source node and a destination node to fluctuate requiring an adaptive admission technique that avoids over-loading the wireless links.
In one prior art solution to the problem, the General Dynamics Corporation C4S's Measurement Based Admission Control (MBAC), a feedback mechanism is used in which a congestion indicator, identified as “severity level”, is sent from the destination to the source to regulate traffic. However, the severity level alone is insufficient for the source to adequately regulate the network traffic. The severity level is used to allow the source to infer the congestion status and then to determine the calls that belong to a particular DSCP (Differentiated Services Code Point) to preempt. This approach is only a first step for regulating traffic into the network. The congestion level is not a critical piece of information for the source. The amount of traffic that has to be preempted is the most important information to the source. Often, due to a lack of precise information with regard to how much traffic needs to be preempted, or how much bandwidth is still available, the MBAC framework relies on a “trial-and-error” technique, making the method very slow to react.
One of the main features of the invention is the intelligent usage of the available bandwidth estimates of a tunnel across a black network, while the network is congested. “Available bandwidth” is defined as the amount traffic that has been successfully sent, or equivalently, the carried traffic. A “tunnel” is defined as a pair of source and destination red enclaves which send and receive traffic to and from the black network. These bandwidth estimates are used by the Call Admission Control (CAC) engine to regulate traffic into the tunnel. A “black network” as used herein is a secure (encrypted) wireless network that handles encrypted traffic.
When the tunnel is under-loaded, i.e. the offered traffic is less than the maximum amount of traffic the tunnel can carry, if the “headroom bandwidth” of the tunnel, which is defined as the amount of bandwidth that can be used by new traffic, is available through estimation techniques, the CAC engine can selectively admit forthcoming traffic into the network without overloading the black network while protecting the higher priority traffic. If the “headroom bandwidth estimate” is not readily available to the CAC engine, the calls can be admitted into the network, and the second part of the framework, which deals with overload conditions, will be triggered to force the system into a stable state in a speedy manner.
The presence of cross-over traffic which is originated and admitted from other nodes into the network and utilizes the same bottleneck link or degraded RF conditions can cause the tunnel to be congested or overloaded. When overload occurs, the amount of offered traffic injected into the tunnel is larger than the amount of traffic the tunnel can carry. In accordance with the teachings of the present invention, the amount of carried traffic is measured and provided to the CAC engine. The CAC engine selectively preempts the appropriate flows to ease the overload condition, in a manner such that higher priority traffic flows are protected.
There still exists a need for call admission control and preemption control over a secure tactical network where a source node located in the LAN transmits packets through a secure black backbone (WAN), in which data are encrypted, to a destination node located in another LAN. Due to security concerns, there is virtually no information about the WAN that can be sent to the source or destination nodes. Accordingly, it is very difficult to manage the end-to-end Quality-of-Service in this type of network architecture. The present invention provides a solution to overcome this problem.
In order to overcome the limitations found in the prior art and to improve the network performance the present invention provides a method so that source is aware quantitatively of the amount of traffic that needs to be preempted during periods of congestion.